Skip to content

Commit 67d4ab7

Browse files
jotokjotok
authored
Upgrade Jackson version to 2.11.4 (#13)
* Upgrade Jackson version to 2.11.4 Upgrade Jackson version to 2.11.4 to match OpenSearch core. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28491 * Force resolution of new Jackson versions * Add jackson-core to force-resolved dependencies
1 parent cb34f28 commit 67d4ab7

File tree

1 file changed

+9
-8
lines changed

1 file changed

+9
-8
lines changed

build.gradle

Lines changed: 9 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -222,6 +222,8 @@ dependencies {
222222
compile files("${System.properties['java.home']}/../lib/tools.jar")
223223
}
224224

225+
def jacksonVersion = "2.11.4"
226+
225227
configurations {
226228
// jarHell reports class name conflicts between securemock and mockito-core
227229
// has to disable one of them.
@@ -232,12 +234,11 @@ dependencies {
232234

233235
configurations.all {
234236
resolutionStrategy {
235-
force 'com.fasterxml.jackson.core:jackson-databind:2.10.5.1'
236-
force 'com.fasterxml.jackson.core:jackson-core:2.10.5'
237-
force 'com.fasterxml.jackson.dataformat:jackson-dataformat-smile:2.10.5'
238-
force 'com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:2.10.5'
239-
force 'com.fasterxml.jackson.dataformat:jackson-dataformat-cbor:2.10.5'
240237
force 'junit:junit:4.13.1'
238+
force "com.fasterxml.jackson.core:jackson-annotations:${jacksonVersion}"
239+
force "com.fasterxml.jackson.core:jackson-core:${jacksonVersion}"
240+
force "com.fasterxml.jackson.core:jackson-databind:${jacksonVersion}"
241+
force "com.fasterxml.jackson.module:jackson-module-paranamer:${jacksonVersion}"
241242
}
242243
}
243244

@@ -249,9 +250,9 @@ dependencies {
249250
compile 'org.bouncycastle:bcprov-jdk15on:1.68'
250251
compile 'org.bouncycastle:bcpkix-jdk15on:1.68'
251252
compile 'com.amazon.opensearch:performanceanalyzer-rca:1.0.0.0-beta1'
252-
compile 'com.fasterxml.jackson.core:jackson-annotations:2.10.5'
253-
compile 'com.fasterxml.jackson.core:jackson-databind:2.10.5.1'
254-
compile 'com.fasterxml.jackson.module:jackson-module-paranamer:2.10.5'
253+
compile "com.fasterxml.jackson.core:jackson-annotations:${jacksonVersion}"
254+
compile "com.fasterxml.jackson.core:jackson-databind:${jacksonVersion}"
255+
compile "com.fasterxml.jackson.module:jackson-module-paranamer:${jacksonVersion}"
255256
compile(group: 'org.apache.logging.log4j', name: 'log4j-api', version: '2.11.1') {
256257
force = 'true'
257258
}

0 commit comments

Comments
 (0)